<?php

if(!isset($_POST['action'])){
	die("No action");
}

// Include config file
include('./common.php');

// Connect to database
$link = dbConnect();

$user = auth($_POST['username'], $_POST['password']);
if($user == ""){
	echo "output=badLogin";
	mysql_close($link);
	return;
}

//setup the base vars
$forumID = "";
$threadID = "";
$postID = "";

if(isset($_POST['forumID'])){
	$forumID = mysql_real_escape_string($_POST['forumID']);
}

if(isset($_POST['threadID'])){
	$threadID = mysql_real_escape_string($_POST['threadID']);
}

if(isset($_POST['postID'])){
	$postID = mysql_real_escape_string($_POST['postID']);
}

//make sure they are allowed to go past this point
if(!validatePermissions($forumID, $user['id'])){
	echo "output=permissionError";
	mysql_close($link);
	return;
}

$output = "";

switch($_POST['action']){	
	case "saveThread":
		$output .= saveThread($threadID, $_POST['subject'], $_POST['sticky'], $_POST['locked'], $_POST['annoucement']);
	break;
	
	case "deleteThread":
		$output .= deleteThread($forumID, $threadID);
	break;
	
	case "deletePost":
		$output .= deletePost($forumID, $threadID, $postID);
	break;
	
	default:
		$output .= "output=noAction";
		mysql_close($link);
		return;
	break;
}

//let flash know we are good to go
echo "output=success".$output;
mysql_close($link);

function saveThread($threadID, $subject, $isSticky, $isLocked, $isAnnoucement){
	global $link;
	
	//clean up the posted data
	$subject = mysql_real_escape_string($subject);
	$isSticky = mysql_real_escape_string($isSticky);
	$isLocked = mysql_real_escape_string($isLocked);
	$isAnnoucement = mysql_real_escape_string($isAnnoucement);
	
	//handle sticky / annoucement
	$displayOrder = 0;
	if($isSticky == "true"){
		$displayOrder = 1;
	}
	if($isAnnoucement == "true"){
		$displayOrder = ANNOUCEMENT_DISPLAY_ORDER;
	}
	
	//handle locked thread
	$readOnly = 0;
	if($isLocked == "true"){
		$readOnly = 1;
	}
	
	//this will basically save/update a thread with new or even the same data as before
	$result = mysql_query("UPDATE ".TABLE_PREFIX."_threads 
						  SET topic = '".$subject."', displayOrder = ".$displayOrder.", readMode = ".$readOnly." 
						  WHERE threadID = ".$threadID);
	
	if(!$result){
		echo "output=mySqlError&error=".mysql_error();
		mysql_close($link);
		return;
	}
	
	return "&isSticky=$isSticky&isLocked=$isLocked&isAnnoucement=$isAnnoucement";
}

function deleteThread($forumID, $threadID){
	global $link;	
	
	//alright we are clear to delete
	$result = mysql_query("DELETE FROM ".TABLE_PREFIX."_threads WHERE threadID = ".$threadID);
	if(!$result){
		echo "output=mySqlError&error=".mysql_error();
		mysql_close($link);
		return;
	}
	
	$deletedThreads = mysql_affected_rows();
	
	$result = mysql_query("DELETE FROM ".TABLE_PREFIX."_posts WHERE threadID = ".$threadID);
	if(!$result){
		echo "output=mySqlError&error=".mysql_error();
		mysql_close($link);
		return;
	}
	
	$deletedPosts = mysql_affected_rows();
	
	//take the post count down by one from the forums
	$result = mysql_query("UPDATE  ".TABLE_PREFIX."_forums 
						   SET threadCount = threadCount - ".$deletedThreads.", postCount = postCount - ".$deletedPosts." 
						   WHERE forumID = ".$forumID);
	
	//after everything is done, make sure the last post is setup
	setForumLastPost($forumID);
	
	return "";
}

function deletePost($forumID, $threadID, $postID){
	global $link;	
	
	//alright we are clear to delete
	$result = mysql_query("DELETE FROM ".TABLE_PREFIX."_posts WHERE postID = ".$postID);
	if(!$result){
		echo "output=mySqlError&error=".mysql_error();
		mysql_close($link);
		return;
	}
	
	//clean up the thread stats
	$result = mysql_query("SELECT posted, userID 
						   FROM ".TABLE_PREFIX."_posts 
						   WHERE threadID = ".$threadID."
						   ORDER BY posted DESC");
	
	$threadCount = mysql_num_rows($result);
	
	if($threadCount > 0){
		//we still have posts in the thread, so set the replies depending on how may posts we have minus 1
		$data = mysql_fetch_object($result);
		
		$result = mysql_query("UPDATE ".TABLE_PREFIX."_threads 
							   SET replies = ".($threadCount - 1).", lastPost = ".$data->posted.", lastUserID = ".$data->userID."  
							   WHERE threadID = ".$threadID);
		$extra = "&viewPost=true";
		
		//make sure so set the lastPost in the forum
		setForumLastPost($forumID);
	}else{
		//we need to delete the thread				
		deleteThread($forumID, $threadID);
		$extra = "&viewPost=false";
	}
	
	//take the post count down by one from the forums
	$result = mysql_query("UPDATE ".TABLE_PREFIX."_forums SET postCount = postCount - 1 WHERE forumID = ".$forumID);
	
	//let flash know we are good to go
	return $extra;
}

function setForumLastPost($forumID){
	global $link;
	
	//this will make sure that the latest post is accurate
	$result = mysql_query("SELECT p.posted, p.userID, p.threadID FROM ".TABLE_PREFIX."_posts p, ".TABLE_PREFIX."_threads t
							WHERE t.forumID = ".$forumID."
							AND p.threadID = t.threadID
							ORDER BY p.posted DESC
							LIMIT 1");
	
	$lastPost = 0;
	$lastThreadID = 0;
	$lastUserID = 0;
	
	if(mysql_num_rows($result) > 0){
		$data = mysql_fetch_object($result);
		
		$lastPost = $data->posted;
		$lastThreadID = $data->threadID;
		$lastUserID = $data->userID;
	}
	
	//update the forum
	$result = mysql_query("UPDATE ".TABLE_PREFIX."_forums 
						   SET lastPost = ".$lastPost.", lastThreadID = ".$lastThreadID.", lastUserID = ".$lastUserID." 
						   WHERE forumID = ".$forumID);
	
}

function validatePermissions($forumID, $userID){
	//this will make sure that they are allowed to be doing admin stuff
	
	global $link;
	
	$result = mysql_query("SELECT gm.isAdmin, gm.isModerator 
						   FROM ".TABLE_PREFIX."_groupmembers gm, ".TABLE_PREFIX."_forums f
						   WHERE f.forumID = ".$forumID."
						   AND gm.userID = ".$userID."
						   AND gm.groupID = f.groupID");
	
	if(mysql_num_rows($result) >= 1){
		$data = mysql_fetch_object($result);
		
		if($data->isAdmin == 1 || $data->isModerator == 1){
			return true;
		}else{
			return false;
		}
	}else{
		return false;
	}
}
?>